Cyberheroes

Target IP: 10.10.249.175

Challenge Description: Want to be a part of the elite club of CyberHeroes? Prove your merit by finding a way to log in!


Enumeration, Exploitation, and Flag

a6649e9f1f823d060a866ead011e7c9e.png
The challenge instructs me to browse the web application at http://10.10.249.175/, and doing so displays the webpage above.

7caf213235b1cc1cdf206515bb17df21.png
Pressing the Login button from the previous image displays the webpage above. Since I do not have the credentials, I did some source-code review.

6ac5376746a6c5f13c8d06a57a65a2b9.png
The JavaScript code shown above is embedded in the page source and is viewable. The code at line 128 is interesting because it contains the username and password the application authenticates against. The username is h3ck3rBoi. The password, however, is stored reversed. After reversing it, the correct password is SuperSecret@12345. Therefore, the valid credentials for the login are h3ck3rBoi:SuperSecret@12345.

a0cb62a8d6e9eab9c52fb02f77967d1c.png
And the flag is shown above after logging in with the credentials. This task was super simple.
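
The weakness described above, shown next to a server-side fix. This is an added example, not the challenge's own code: the function names, the in-memory user store and the credentials are all constructed for illustration.

```javascript
// Added example: constructed values, not the challenge's real code or credentials.
const nodeCrypto = require('node:crypto');

// --- Weak pattern: the check runs in the browser --------------------------
// Everything here ships to every visitor, so reversing the string hides nothing.
function reverseString(s) {
  return s.split('').reverse().join('');
}
function clientSideLogin(user, pass) {
  // Constructed placeholder credentials.
  return user === 'demoUser' && pass === reverseString('321!ssaPomeD');
}

// --- Hardened pattern: the check runs on the server -----------------------
// The server stores only a salt and an scrypt hash; the page source contains
// neither the password nor anything that can be trivially inverted into it.
function makeRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = nodeCrypto.scryptSync(password, salt, 32);
  return { salt, hash };
}

// Hypothetical in-memory user store standing in for a database.
const users = new Map([['demoUser', makeRecord('DemoPass!123')]]);
// Dummy record so unknown usernames cost the same work as known ones.
const dummy = makeRecord('unused-placeholder');

function serverSideLogin(user, pass) {
  if (typeof user !== 'string' || typeof pass !== 'string') return false;
  const record = users.get(user) || dummy;
  const candidate = nodeCrypto.scryptSync(pass, record.salt, 32);
  // Constant-time comparison of two equal-length digests.
  const match = nodeCrypto.timingSafeEqual(candidate, record.hash);
  return users.has(user) && match;
}
```

In the hardened form the browser only submits the username and password; the comparison and the stored secret never leave the server.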